Saturday, June 22, 2024

A New Banking Malware Disguises as Security Module Steals Your Banking Credentials

A new unique banking malware dubbed CamuBot poses itself like a security module from the bank to gain victim’s trust and tempt them into installing the malware on their device.

The threat actor’s actively targeting the companies and public sector organizations using a number of social engineering techniques to bypass the security controls.

Security researchers from IBM spotted the CamuBot malware is more sophisticated and designed with a new code. It is different from the common banking trojans and it is blended with a number of social engineering techniques for device take over.

Unique Banking Malware Targets Business Bank Account Customers

The attack start’s with some basic reconnaissance, they use to call the person who is holding the Business Bank Account and identify them as the bank employee and ask the victim’s to navigate to the URL to ensure their security module is up to date.

It is a fake page to trick the victim’s so it comes up as negative and ask’s them to install a new security module. Also, it advises the victim’s to run the security module as an admin user and to close any other running programs.

To gain user’s trust it shows the banking logo and the modules install into the victim’s device silently. It also establishes a proxy module and add’s itself into the firewall to make it appear trusted.

The executable, name of the file and the URL are not a static one, they continue to change for every installation. Communication established through Secure Shell (SSH)-based SOCKS proxy.

Once the installation completed it pop-up a screen and redirects victim’s to a phishing page that designed like a banking portal. The phishing page asks victim’s to input his or her credentials and attackers make use of it. Attackers hang up after the account takeover.

According to IBM X-Force researchers, if there is any endpoint the malware is used to install additional drivers for the device, then attackers ask to enable remote sharing if the victim authorizes then it enables attackers to intercept to intercept one-time passwords. By having the one-time passwords the attackers can initiate a fraudulent transaction.

The delivery of CamuBot is personalized, at this time, CamuBot targets business account holders in Brazil and not in any other geographies said X-Force researchers.

Also Read

Dangerous Android Malware that Steals Banking Credentials, Call Forwarding, Keylogging, and Ransomware Activities

Android Device With Open ADB Ports Exploited to Spread Satori Variant of Mirai Botnet

60,000 Android Devices are Infected with Malicious Battery Saver App that Steals Various Sensitive Data


Latest articles

PrestaShop Website Under Injection Attack Via Facebook Module

A critical vulnerability has been discovered in the "Facebook" module (pkfacebook) from for...

Beware Of Illegal OTT Platforms That Exposes Sensitive Personal Information

A recent rise in data breaches from illegal Chinese OTT platforms exposes that user...

Beware Of Zergeca Botnet with Advanced Scanning & Persistence Features

A new botnet named Zergeca has emerged, showcasing advanced capabilities that set it apart...

Mailcow Mail Server Vulnerability Let Attackers Execute Remote Code

Two critical vulnerabilities (CVE-2024-31204 and CVE-2024-30270) affecting Mailcow versions before 2024-04 allow attackers to...

Hackers Attacking Vaults, Buckets, And Secrets To Steal Data

Hackers target vaults, buckets, and secrets to access some of the most classified and...

Hackers Weaponizing Windows Shortcut Files for Phishing

LNK files, a shortcut file type in Windows OS, provide easy access to programs,...

New Highly Evasive SquidLoader Attacking Employees Mimic As Word Document

Researchers discovered a new malware loader named SquidLoader targeting Chinese organizations, which arrives as...
Guru baran
Guru baran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles